[packages/findutils.git] / findutils-selinux.patch

--- findutils-4.1.20/find/Makefile.am.orig	Mon May 26 20:02:34 2003
+++ findutils-4.1.20/find/Makefile.am	Wed Jan 28 15:15:13 2004
@@ -3,8 +3,9 @@
 bin_PROGRAMS = find
 find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c
 EXTRA_DIST = defs.h $(man_MANS)
+DEFS = @DEFS@ -I. -I$(srcdir) -I.. -DWITH_SELINUX
 INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\"
-LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@
+LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -lselinux
 man_MANS = find.1
 SUBDIRS = testsuite
 
--- findutils-4.2.11/find/defs.h.orig	2005-01-03 01:06:10.000000000 +0100
+++ findutils-4.2.11/find/defs.h	2005-01-09 18:10:03.183117288 +0100
@@ -126,6 +126,10 @@
 #define MODE_RWX	(S_IXUSR | S_IXGRP | S_IXOTH | MODE_RW)
 #define MODE_ALL	(S_ISUID | S_ISGID | S_ISVTX | MODE_RWX)
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
 #if 1
 #include <stdbool.h>
 typedef bool boolean;
@@ -322,6 +322,9 @@
     struct dir_id   fileid;	/* samefile */
     mode_t type;		/* type */
     FILE *stream;		/* ls fls fprint0 */
+#ifdef WITH_SELINUX
+    security_context_t scontext; /* scontext */
+#endif /*WITH_SELINUX*/
     struct format_val printf_vec; /* printf fprintf fprint  */
   } args;
 
@@ -477,6 +484,10 @@
  
   /* Pointer to the function used to stat files. */
   int (*xstat) (const char *name, struct stat *statbuf);
+
+#ifdef WITH_SELINUX
+  int (*x_getfilecon) ();
+#endif /* WITH_SELINUX */
 
 
   /* Indicate if we can implement safely_chdir() using the O_NOFOLLOW
@@ -511,4 +522,9 @@
 # define fchdir(fd) (-1)
 #endif
 
+#ifdef WITH_SELINUX
+boolean pred_scontext PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr));
+extern int (*x_getfilecon) ();
+#endif /*WITH_SELINUX*/
+
 #endif
--- findutils-4.2.6/find/find.1.orig	2004-11-21 10:52:17.000000000 +0100
+++ findutils-4.2.6/find/find.1	2004-11-21 22:52:25.469719184 +0100
@@ -396,6 +396,9 @@
 link to a file of type \fIc\fR; if the \-L option has been given, true
 if \fIc\fR is `l'.  In other words, for symbolic links, \-xtype checks
 the type of the file that \-type does not check.
+.IP "\-context \fIscontext\fR"
+.IP "\--context \fIscontext\fR"
+(SELinux only) File has the security context \fIscontext\fR.
 
 .SS ACTIONS
 .IP "\-delete\fR"
@@ -633,6 +636,8 @@
 File's type (like in ls -l), U=unknown type (shouldn't happen)
 .IP %Y
 File's type (like %y), plus follow symlinks: L=loop, N=nonexistent
+.IP %Z
+(SELinux only) file's security context.
 .PP
 A `%' character followed by any other character is discarded (but the
 other character is printed).
--- findutils-4.2.25/find/find.c.orig	2005-08-30 09:40:03.000000000 +0200
+++ findutils-4.2.25/find/find.c	2005-10-25 23:47:22.594687400 +0200
@@ -272,11 +272,17 @@
     {
     case SYMLINK_ALWAYS_DEREF:  /* -L */
       options.xstat = optionl_stat;
+#ifdef WITH_SELINUX
+      options.x_getfilecon = getfilecon;
+#endif /* WITH_SELINUX */
       options.no_leaf_check = true;
       break;
       
     case SYMLINK_NEVER_DEREF:	/* -P (default) */
       options.xstat = optionp_stat;
+#ifdef WITH_SELINUX
+      options.x_getfilecon = lgetfilecon;
+#endif /* WITH_SELINUX */
       /* Can't turn no_leaf_check off because the user might have specified 
        * -noleaf anyway
        */
@@ -284,6 +290,9 @@
       
     case SYMLINK_DEREF_ARGSONLY: /* -H */
       options.xstat = optionh_stat;
+#ifdef WITH_SELINUX
+      options.x_getfilecon = getfilecon;
+#endif /* WITH_SELINUX */
       options.no_leaf_check = true;
     }
 
@@ -394,6 +403,9 @@
   struct predicate *cur_pred;
   char *predicate_name;		/* Name of predicate being parsed. */
   int end_of_leading_options = 0; /* First arg after any -H/-L etc. */
+#ifdef WITH_SELINUX
+  int is_selinux_enabled_flag;
+#endif /* WITH_SELINUX */
   program_name = argv[0];
   const struct parser_table *entry_close, *entry_print, *entry_open;
 
@@ -441,6 +453,9 @@
   options.ignore_readdir_race = false;
 
   state.exit_status = 0;
+#ifdef WITH_SELINUX
+  is_selinux_enabled_flag = (is_selinux_enabled() > 0);
+#endif /* WITH_SELINUX */
 
 #if defined(DEBUG_STAT)
   options.xstat = debug_stat;
@@ -537,6 +552,14 @@
       if (strchr ("-!(),", argv[i][0]) == NULL)
 	usage (_("paths must precede expression"));
       predicate_name = argv[i];
+#ifdef WITH_SELINUX
+      if (! is_selinux_enabled_flag) {
+	if ((strncmp(predicate_name,"-context",strlen("-context"))==0) ||
+	    (strncmp(predicate_name,"--context",strlen("--context"))==0)) {
+	  error (1, 0,_("Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"),predicate_name);
+	}
+      }
+#endif
       parse_entry = find_parser (predicate_name);
       if (parse_entry == NULL)
 	{
--- findutils-4.2.25/find/parser.c.orig	2005-07-31 23:01:54.000000000 +0200
+++ findutils-4.2.25/find/parser.c	2005-10-25 23:58:27.823557240 +0200
@@ -47,6 +47,10 @@
 /* We need <unistd.h> for isatty(). */
 #include <unistd.h> 
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
 #if ENABLE_NLS
 # include <libintl.h>
 # define _(Text) gettext (Text)
@@ -147,6 +151,9 @@
 static boolean parse_warn          PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
 static boolean parse_xtype         PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
 static boolean parse_quit          PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
+#ifdef WITH_SELINUX
+static boolean parse_scontext      PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
+#endif /*WITH_SELINUX*/
 
 
 
@@ -280,6 +287,10 @@
   PARSE_TEST_NP    ("wholename",             wholename), /* GNU, replaces -path */
   PARSE_OPTION     ("xdev",                  xdev),
   PARSE_TEST       ("xtype",                 xtype),	     /* GNU */
+#ifdef WITH_SELINUX
+  PARSE_TEST       ("context",               scontext),      /* SELINUX */
+  PARSE_TEST       ("-context",              scontext),      /* SELINUX */
+#endif /*WITH_SELINUX*/
 #ifdef UNIMPLEMENTED_UNIX
   /* It's pretty ugly for find to know about archive formats.
      Plus what it could do with cpio archives is very limited.
@@ -803,6 +814,10 @@
       -nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\
       -wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\
       -used N -user NAME -xtype [bcdpfls]\n"));
+#ifdef WITH_SELINUX
+  puts (_("\
+      -context CONTEXT\n"));
+#endif /*WITH_SELINUX*/
   puts (_("\
 actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n\
       -fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit\n\
@@ -1614,6 +1629,30 @@
   return insert_num (argv, arg_ptr, entry);
 }
 
+#ifdef WITH_SELINUX
+
+static boolean
+parse_scontext (const struct parser_table *entry, char **argv, int *arg_ptr)
+{
+  struct predicate *our_pred;
+
+  if ( (argv == NULL) || (argv[*arg_ptr] == NULL) )
+    return( false );
+
+  our_pred = insert_primary_withpred (entry, pred_scontext);
+  our_pred->need_stat = our_pred->need_type = false;
+#ifdef DEBUG
+  our_pred->p_name = find_pred_name (pred_scontext);
+#endif /*DEBUG*/
+
+  our_pred->args.scontext = argv[*arg_ptr];;
+
+  (*arg_ptr)++;
+  return( true );
+}
+
+#endif /*WITH_SELINUX*/
+
 static boolean
 parse_used (const struct parser_table* entry, char **argv, int *arg_ptr)
 {
@@ -1949,7 +1988,11 @@
 	  if (*scan2 == '.')
 	    for (scan2++; ISDIGIT (*scan2); scan2++)
 	      /* Do nothing. */ ;
+#ifdef WITH_SELINUX
+	  if (strchr ("abcdDfFgGhHiklmMnpPstuUyYZ", *scan2))
+#else  /* WITH_SELINUX */
 	  if (strchr ("abcdDfFgGhHiklmMnpPstuUyY", *scan2))
+#endif /* WITH_SELINUX */
 	    {
 	      segmentp = make_segment (segmentp, format, scan2 - format,
 				       (int) *scan2);
--- findutils-4.2.11/find/pred.c.orig	2005-01-03 01:15:48.000000000 +0100
+++ findutils-4.2.11/find/pred.c	2005-01-09 18:22:25.204312920 +0100
@@ -30,6 +30,14 @@
 #include "filemode.h"
 #include "wait.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
+#ifndef FNM_CASEFOLD
+#define FNM_CASEFOLD (1<<4)
+#endif  /*FNM_CASEFOLD*/
+
 #if ENABLE_NLS
 # include <libintl.h>
 # define _(Text) gettext (Text)
@@ -73,7 +81,6 @@
 
 extern int yesno ();
 
-
 /* Get or fake the disk device blocksize.
    Usually defined by sys/param.h (if at all).  */
 #ifndef DEV_BSIZE
@@ -202,6 +209,9 @@
   {pred_used, "used    "},
   {pred_user, "user    "},
   {pred_xtype, "xtype   "},
+#ifdef WITH_SELINUX
+  {pred_scontext, "context"},
+#endif /*WITH_SELINUX*/
   {0, "none    "}
 };
 
@@ -813,6 +823,26 @@
 
 	  }
 	  break;
+#ifdef WITH_SELINUX
+      case 'Z':               /* SELinux security context */
+        {
+          security_context_t scontext;
+          int rv;
+          rv = (*options.x_getfilecon)(state.rel_pathname, &scontext);
+
+          if ( rv < 0 ) {
+            (void) fprintf(stderr, "getfileconf(%s): %s",
+                           pathname, strerror(errno));
+            (void) fflush(stderr);
+          }
+          else {
+	      segment->text[segment->text_len] = 's';
+	      (void) fprintf (fp, segment->text, scontext);
+	      freecon(scontext);
+          }
+        }
+        break ;
+#endif /* WITH_SELINUX */
 	}
     }
   return (true);
@@ -1366,6 +1396,31 @@
    */
   return (pred_type (pathname, &sbuf, pred_ptr));
 }
+  
+
+#ifdef WITH_SELINUX
+
+boolean
+pred_scontext (char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)
+{
+  int rv;
+  security_context_t scontext;
+
+  rv = (*options.x_getfilecon)(state.rel_pathname, &scontext);
+
+  if ( rv < 0 ) {
+    (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));
+    (void) fflush(stderr);
+    return ( false );
+  }
+
+  rv= (strcmp(scontext, pred_ptr->args.scontext) == 0);
+  freecon(scontext);
+  return rv;
+}
+
+#endif /*WITH_SELINUX*/
+
 \f
 /*  1) fork to get a child; parent remembers the child pid
     2) child execs the command requested
--- findutils-4.1.7/find/util.c.selinux	2001-05-20 16:39:37.000000000 -0400
+++ findutils-4.1.7/find/util.c	2003-10-10 13:19:10.869534272 -0400
@@ -65,6 +65,9 @@
   last_pred->no_default_print = false;
   last_pred->need_stat = true;
   last_pred->args.str = NULL;
+#ifdef WITH_SELINUX
+  last_pred->args.scontext = NULL;
+#endif
   last_pred->pred_next = NULL;
   last_pred->pred_left = NULL;
   last_pred->pred_right = NULL;
--- findutils-4.2.25/po/pl.po.orig	2005-10-25 23:46:10.482650096 +0200
+++ findutils-4.2.25/po/pl.po	2005-10-26 00:00:02.716131376 +0200
@@ -132,6 +132,11 @@
 msgid "paths must precede expression"
Commit	Line	Data
32939b0c JB	1	--- findutils-4.1.20/find/Makefile.am.orig Mon May 26 20:02:34 2003
	2	+++ findutils-4.1.20/find/Makefile.am Wed Jan 28 15:15:13 2004
	3	@@ -3,8 +3,9 @@
	4	bin_PROGRAMS = find
	5	find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c
	6	EXTRA_DIST = defs.h $(man_MANS)
	7	+DEFS = @DEFS@ -I. -I$(srcdir) -I.. -DWITH_SELINUX
	8	INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\"
	9	-LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@
	10	+LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -lselinux
	11	man_MANS = find.1
	12	SUBDIRS = testsuite
	13
1db50576 JB	14	--- findutils-4.2.11/find/defs.h.orig 2005-01-03 01:06:10.000000000 +0100
1db50576 JB	15	+++ findutils-4.2.11/find/defs.h 2005-01-09 18:10:03.183117288 +0100
dd23e660	16	@@ -126,6 +126,10 @@
32939b0c JB	17	#define MODE_RWX (S_IXUSR \| S_IXGRP \| S_IXOTH \| MODE_RW)
	18	#define MODE_ALL (S_ISUID \| S_ISGID \| S_ISVTX \| MODE_RWX)
	19
	20	+#ifdef WITH_SELINUX
	21	+#include <selinux/selinux.h>
	22	+#endif /WITH_SELINUX/
	23	+
095a6182 JB	24	#if 1
	25	#include <stdbool.h>
	26	typedef bool boolean;
838045f6	27	@@ -322,6 +322,9 @@
1db50576	28	struct dir_id fileid; /* samefile */
32939b0c	29	mode_t type; /* type */
838045f6	30	FILE stream; / ls fls fprint0 */
32939b0c JB	31	+#ifdef WITH_SELINUX
	32	+ security_context_t scontext; /* scontext */
	33	+#endif /WITH_SELINUX/
838045f6	34	struct format_val printf_vec; /* printf fprintf fprint */
32939b0c JB	35	} args;
32939b0c JB	36
1db50576	37	@@ -477,6 +484,10 @@
2cf781ec	38
1db50576 JB	39	/* Pointer to the function used to stat files. */
	40	int (xstat) (const char name, struct stat *statbuf);
	41	+
	42	+#ifdef WITH_SELINUX
	43	+ int (*x_getfilecon) ();
	44	+#endif /* WITH_SELINUX */
1db50576	45
2cf781ec	46
2cf781ec	47	/* Indicate if we can implement safely_chdir() using the O_NOFOLLOW
1db50576 JB	48	@@ -511,4 +522,9 @@
	49	# define fchdir(fd) (-1)
	50	#endif
32939b0c JB	51
	52	+#ifdef WITH_SELINUX
	53	+boolean pred_scontext PARAMS((char pathname, struct stat stat_buf, struct predicate *pred_ptr));
	54	+extern int (*x_getfilecon) ();
	55	+#endif /WITH_SELINUX/
	56	+
dd23e660	57	#endif
dace4399 JB	58	--- findutils-4.2.6/find/find.1.orig 2004-11-21 10:52:17.000000000 +0100
	59	+++ findutils-4.2.6/find/find.1 2004-11-21 22:52:25.469719184 +0100
	60	@@ -396,6 +396,9 @@
	61	link to a file of type \fIc\fR; if the \-L option has been given, true
	62	if \fIc\fR is `l'. In other words, for symbolic links, \-xtype checks
	63	the type of the file that \-type does not check.
32939b0c JB	64	+.IP "\-context \fIscontext\fR"
	65	+.IP "\--context \fIscontext\fR"
	66	+(SELinux only) File has the security context \fIscontext\fR.
095a6182	67
dace4399	68	.SS ACTIONS
095a6182	69	.IP "\-delete\fR"
dace4399	70	@@ -633,6 +636,8 @@
095a6182 JB	71	File's type (like in ls -l), U=unknown type (shouldn't happen)
	72	.IP %Y
	73	File's type (like %y), plus follow symlinks: L=loop, N=nonexistent
32939b0c JB	74	+.IP %Z
	75	+(SELinux only) file's security context.
	76	.PP
	77	A `%' character followed by any other character is discarded (but the
	78	other character is printed).
4c6d4011 JB	79	--- findutils-4.2.25/find/find.c.orig 2005-08-30 09:40:03.000000000 +0200
	80	+++ findutils-4.2.25/find/find.c 2005-10-25 23:47:22.594687400 +0200
	81	@@ -272,11 +272,17 @@
dace4399 JB	82	{
dace4399 JB	83	case SYMLINK_ALWAYS_DEREF: /* -L */
1db50576	84	options.xstat = optionl_stat;
dace4399	85	+#ifdef WITH_SELINUX
1db50576	86	+ options.x_getfilecon = getfilecon;
dace4399	87	+#endif /* WITH_SELINUX */
1db50576	88	options.no_leaf_check = true;
dace4399 JB	89	break;
	90
	91	case SYMLINK_NEVER_DEREF: /* -P (default) */
1db50576	92	options.xstat = optionp_stat;
dace4399	93	+#ifdef WITH_SELINUX
1db50576	94	+ options.x_getfilecon = lgetfilecon;
dace4399	95	+#endif /* WITH_SELINUX */
1db50576	96	/* Can't turn no_leaf_check off because the user might have specified
dace4399 JB	97	* -noleaf anyway
dace4399 JB	98	*/
4c6d4011	99	@@ -284,6 +290,9 @@
dace4399 JB	100
dace4399 JB	101	case SYMLINK_DEREF_ARGSONLY: /* -H */
1db50576	102	options.xstat = optionh_stat;
dace4399	103	+#ifdef WITH_SELINUX
1db50576	104	+ options.x_getfilecon = getfilecon;
dace4399	105	+#endif /* WITH_SELINUX */
1db50576	106	options.no_leaf_check = true;
dace4399	107	}
1db50576	108
4c6d4011	109	@@ -394,6 +403,9 @@
dace4399 JB	110	struct predicate *cur_pred;
	111	char predicate_name; / Name of predicate being parsed. */
	112	int end_of_leading_options = 0; /* First arg after any -H/-L etc. */
32939b0c	113	+#ifdef WITH_SELINUX
dace4399	114	+ int is_selinux_enabled_flag;
32939b0c	115	+#endif /* WITH_SELINUX */
dace4399	116	program_name = argv[0];
4c6d4011	117	const struct parser_table entry_close, entry_print, *entry_open;
32939b0c	118
4c6d4011	119	@@ -441,6 +453,9 @@
1db50576 JB	120	options.ignore_readdir_race = false;
	121
	122	state.exit_status = 0;
dace4399 JB	123	+#ifdef WITH_SELINUX
	124	+ is_selinux_enabled_flag = (is_selinux_enabled() > 0);
	125	+#endif /* WITH_SELINUX */
	126
	127	#if defined(DEBUG_STAT)
1db50576	128	options.xstat = debug_stat;
4c6d4011	129	@@ -537,6 +552,14 @@
32939b0c JB	130	if (strchr ("-!(),", argv[i][0]) == NULL)
	131	usage (_("paths must precede expression"));
	132	predicate_name = argv[i];
	133	+#ifdef WITH_SELINUX
	134	+ if (! is_selinux_enabled_flag) {
	135	+ if ((strncmp(predicate_name,"-context",strlen("-context"))==0) \|\|
	136	+ (strncmp(predicate_name,"--context",strlen("--context"))==0)) {
	137	+ error (1, 0,_("Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"),predicate_name);
	138	+ }
	139	+ }
	140	+#endif
4c6d4011 JB	141	parse_entry = find_parser (predicate_name);
	142	if (parse_entry == NULL)
	143	{
	144	--- findutils-4.2.25/find/parser.c.orig 2005-07-31 23:01:54.000000000 +0200
	145	+++ findutils-4.2.25/find/parser.c 2005-10-25 23:58:27.823557240 +0200
	146	@@ -47,6 +47,10 @@
	147	/* We need <unistd.h> for isatty(). */
	148	#include <unistd.h>
32939b0c JB	149
	150	+#ifdef WITH_SELINUX
	151	+#include <selinux/selinux.h>
	152	+#endif /WITH_SELINUX/
	153	+
	154	#if ENABLE_NLS
	155	# include <libintl.h>
	156	# define _(Text) gettext (Text)
4c6d4011 JB	157	@@ -147,6 +151,9 @@
	158	static boolean parse_warn PARAMS((const struct parser_table, char argv[], int *arg_ptr));
	159	static boolean parse_xtype PARAMS((const struct parser_table, char argv[], int *arg_ptr));
	160	static boolean parse_quit PARAMS((const struct parser_table, char argv[], int *arg_ptr));
32939b0c	161	+#ifdef WITH_SELINUX
4c6d4011	162	+static boolean parse_scontext PARAMS((const struct parser_table, char argv[], int *arg_ptr));
32939b0c JB	163	+#endif /WITH_SELINUX/
32939b0c JB	164
4c6d4011 JB	165
	166
	167	@@ -280,6 +287,10 @@
	168	PARSE_TEST_NP ("wholename", wholename), /* GNU, replaces -path */
	169	PARSE_OPTION ("xdev", xdev),
	170	PARSE_TEST ("xtype", xtype), /* GNU */
32939b0c	171	+#ifdef WITH_SELINUX
4c6d4011 JB	172	+ PARSE_TEST ("context", scontext), /* SELINUX */
4c6d4011 JB	173	+ PARSE_TEST ("-context", scontext), /* SELINUX */
32939b0c	174	+#endif /WITH_SELINUX/
4c6d4011 JB	175	#ifdef UNIMPLEMENTED_UNIX
	176	/* It's pretty ugly for find to know about archive formats.
	177	Plus what it could do with cpio archives is very limited.
	178	@@ -803,6 +814,10 @@
32939b0c	179	-nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\
095a6182	180	-wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\
1db50576	181	-used N -user NAME -xtype [bcdpfls]\n"));
32939b0c JB	182	+#ifdef WITH_SELINUX
	183	+ puts (_("\
	184	+ -context CONTEXT\n"));
	185	+#endif /WITH_SELINUX/
	186	puts (_("\
4c6d4011 JB	187	actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n\
	188	-fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit\n\
	189	@@ -1614,6 +1629,30 @@
	190	return insert_num (argv, arg_ptr, entry);
32939b0c JB	191	}
	192
	193	+#ifdef WITH_SELINUX
	194	+
	195	+static boolean
4c6d4011	196	+parse_scontext (const struct parser_table entry, char argv, int arg_ptr)
32939b0c JB	197	+{
	198	+ struct predicate *our_pred;
	199	+
	200	+ if ( (argv == NULL) \|\| (argv[*arg_ptr] == NULL) )
	201	+ return( false );
	202	+
4c6d4011 JB	203	+ our_pred = insert_primary_withpred (entry, pred_scontext);
4c6d4011 JB	204	+ our_pred->need_stat = our_pred->need_type = false;
32939b0c JB	205	+#ifdef DEBUG
	206	+ our_pred->p_name = find_pred_name (pred_scontext);
	207	+#endif /DEBUG/
	208	+
	209	+ our_pred->args.scontext = argv[*arg_ptr];;
	210	+
	211	+ (*arg_ptr)++;
	212	+ return( true );
	213	+}
	214	+
	215	+#endif /WITH_SELINUX/
	216	+
	217	static boolean
4c6d4011	218	parse_used (const struct parser_table* entry, char *argv, int arg_ptr)
32939b0c	219	{
4c6d4011	220	@@ -1949,7 +1988,11 @@
32939b0c JB	221	if (*scan2 == '.')
	222	for (scan2++; ISDIGIT (*scan2); scan2++)
	223	/* Do nothing. */ ;
32939b0c	224	+#ifdef WITH_SELINUX
dace4399	225	+ if (strchr ("abcdDfFgGhHiklmMnpPstuUyYZ", *scan2))
32939b0c	226	+#else /* WITH_SELINUX */
dace4399	227	if (strchr ("abcdDfFgGhHiklmMnpPstuUyY", *scan2))
32939b0c JB	228	+#endif /* WITH_SELINUX */
	229	{
	230	segmentp = make_segment (segmentp, format, scan2 - format,
	231	(int) *scan2);
1db50576 JB	232	--- findutils-4.2.11/find/pred.c.orig 2005-01-03 01:15:48.000000000 +0100
	233	+++ findutils-4.2.11/find/pred.c 2005-01-09 18:22:25.204312920 +0100
	234	@@ -30,6 +30,14 @@
	235	#include "filemode.h"
32939b0c JB	236	#include "wait.h"
	237
	238	+#ifdef WITH_SELINUX
	239	+#include <selinux/selinux.h>
	240	+#endif /WITH_SELINUX/
	241	+
	242	+#ifndef FNM_CASEFOLD
	243	+#define FNM_CASEFOLD (1<<4)
	244	+#endif /FNM_CASEFOLD/
	245	+
	246	#if ENABLE_NLS
	247	# include <libintl.h>
	248	# define _(Text) gettext (Text)
1db50576	249	@@ -73,7 +81,6 @@
32939b0c JB	250
	251	extern int yesno ();
	252
	253	-
	254	/* Get or fake the disk device blocksize.
	255	Usually defined by sys/param.h (if at all). */
	256	#ifndef DEV_BSIZE
1db50576	257	@@ -202,6 +209,9 @@
32939b0c JB	258	{pred_used, "used "},
	259	{pred_user, "user "},
	260	{pred_xtype, "xtype "},
	261	+#ifdef WITH_SELINUX
	262	+ {pred_scontext, "context"},
	263	+#endif /WITH_SELINUX/
	264	{0, "none "}
	265	};
	266
1db50576 JB	267	@@ -813,6 +823,26 @@
	268
	269	}
32939b0c JB	270	break;
	271	+#ifdef WITH_SELINUX
	272	+ case 'Z': /* SELinux security context */
	273	+ {
	274	+ security_context_t scontext;
	275	+ int rv;
1db50576	276	+ rv = (*options.x_getfilecon)(state.rel_pathname, &scontext);
32939b0c JB	277	+
	278	+ if ( rv < 0 ) {
	279	+ (void) fprintf(stderr, "getfileconf(%s): %s",
	280	+ pathname, strerror(errno));
	281	+ (void) fflush(stderr);
	282	+ }
	283	+ else {
	284	+ segment->text[segment->text_len] = 's';
	285	+ (void) fprintf (fp, segment->text, scontext);
	286	+ freecon(scontext);
	287	+ }
	288	+ }
	289	+ break ;
	290	+#endif /* WITH_SELINUX */
	291	}
	292	}
	293	return (true);
1db50576 JB	294	@@ -1366,6 +1396,31 @@
1db50576 JB	295	*/
32939b0c JB	296	return (pred_type (pathname, &sbuf, pred_ptr));
	297	}
	298	+
	299	+
	300	+#ifdef WITH_SELINUX
	301	+
	302	+boolean
1db50576	303	+pred_scontext (char pathname, struct stat stat_buf, struct predicate *pred_ptr)
32939b0c JB	304	+{
	305	+ int rv;
	306	+ security_context_t scontext;
	307	+
1db50576	308	+ rv = (*options.x_getfilecon)(state.rel_pathname, &scontext);
32939b0c JB	309	+
	310	+ if ( rv < 0 ) {
	311	+ (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));
	312	+ (void) fflush(stderr);
	313	+ return ( false );
	314	+ }
	315	+
1db50576	316	+ rv= (strcmp(scontext, pred_ptr->args.scontext) == 0);
32939b0c JB	317	+ freecon(scontext);
	318	+ return rv;
	319	+}
	320	+
	321	+#endif /WITH_SELINUX/
	322	+
	323	\f
	324	/* 1) fork to get a child; parent remembers the child pid
	325	2) child execs the command requested
	326	--- findutils-4.1.7/find/util.c.selinux 2001-05-20 16:39:37.000000000 -0400
	327	+++ findutils-4.1.7/find/util.c 2003-10-10 13:19:10.869534272 -0400
	328	@@ -65,6 +65,9 @@
	329	last_pred->no_default_print = false;
	330	last_pred->need_stat = true;
	331	last_pred->args.str = NULL;
	332	+#ifdef WITH_SELINUX
	333	+ last_pred->args.scontext = NULL;
	334	+#endif
	335	last_pred->pred_next = NULL;
	336	last_pred->pred_left = NULL;
	337	last_pred->pred_right = NULL;
4c6d4011 JB	338	--- findutils-4.2.25/po/pl.po.orig 2005-10-25 23:46:10.482650096 +0200
	339	+++ findutils-4.2.25/po/pl.po 2005-10-26 00:00:02.716131376 +0200
	340	@@ -132,6 +132,11 @@
32939b0c JB	341	msgid "paths must precede expression"
	342